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DETAILED ACTION 

1 . This action is in response to the amendment and argument field on 10/02/2008. 

2. Claims 1-8, 10-12, 14-26 remain rejected under 35 U.S.C 102(a) as being anticipated/ 
unpatentable by/over Leung et al. (US Patent No. 6760444). 

3 . Claims 21-26 are newly added. 

4. Claims 9, 13 cancelled. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1 (2) of such treaty in the English language. 

Claim 1, 10, 14, 16, 18, 21-26 is rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Patent No. 6,16QM^ to Leung et al. 

As per claims 1, 10, 14, 16. 18 Leung discloses an interaction between a Home Agent 
(the application device comprising management clients) that is connected to a server (the service 
device) via a communications network (see column 6, lines 24-26) and one or more wireless 
clients. The Home Agent may contact the server with a request for services such as creating (see 
column 2, line 58 to column 3, line 16) and managing security associations or authentication 
services (handled by the server's internet protocol security services) and receive in return a 
security association (see column 7, lines 16-32). The response is sent by the server to the home 
agent (see column 7, lines 33-50). Since, the security associations may comprise keys (see 
column 7, line 67), this uses a session key management protocol. 

Leung discloses (Leung, abstract, "The security association may be sent to the network 
device to permit authentication of the mobile node. Alternatively, authentication of the mobile 
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node may be performed at the server by applying the security association"), where "node" is the 
unit , as claimed. 

In regard to claim 21, Leung discloses: 

- providing one or more internet protocol security services comprising at least one of 
authentication services and encryption services from an internet protocol security service unit, 
wherein said internet protocol security service unit is deployed in a service device (Leung, col 
6, lines 29-36, "In addition to providing a centralized server which is capable of storing security- 
associations for multiple Home Agents, the centralized server may provide fiirther services. By 
way of example, the centralized server may provide authentication services and/or authorization 
services. While authentication determines who an entity is, authorization determines what 
services a user is allowed to perform, or access"); 

- receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with said 
providing the one or more internet protocol security services, to said received security 
association management requests (Leung, col 7, lines 35-47, "At step 714, the server receives 
the packet identifying the mobile node (e.g., an authorization request packet) from the Home 
Agent. . . . send the security association to the Home Agent for authentication of the mobile node 
(716). The server constructs a packet in the appropriate format (e.g., a TACACS+ authorization 
reply packet) and includes the security association"). 

In regard to claim 22, Leung discloses: 

- providing one or more internet protocol security services comprising at least one of 
authentication services and encryption services from an internet protocol security service unit, 
said internet protocol security service unit being deployed in a service device (Leung, col 6, 
lines 29-36, "In addition to providing a centralized server which is capable of storing security- 
associations for multiple Home Agents, the centralized server may provide further services. By 
way of example, the centralized server may provide authentication services and/or authorization 
services. While authentication determines who an entity is, authorization determines what 
services a user is allowed to perform, or access"); 



Application/Control Number: 10/720,054 
Art Unit: 2434 



Page 4 



- issuing security association management requests to create and manage, with a 
session key management protocol, security associations for use by said provided internet 
protocol security services, from at least one management client, said at least one management 
client being deployed in an application device (Leung, col 7, lines 54-61, "The security 
association may be retrieved from the server each time mobile node 702 sends a fresh 
registration request. To reduce the effort associated with this, the security association may be 
temporarily loaded into memory (e.g., a portion of DRAM) of the Home Agent. In this manner, 
some transfers of security associations from the server to the Home Agent are eliminated"); 

- receiving in a management server said security association management requests 
issued from said at least one management client (Leung, col 7, lines 35-47, "At step 714, the 
server receives the packet identifying the mobile node (e.g., an authorization request packet) 

from the Home Agent appropriate format (e.g., a TACACS+ authorization reply packet) and 

includes the security association"). 

- responding, in connection with said internet protocol security service unit, to said 
security association management requests received at said management server, said 
management server being deployed in said service device, wherein said application device is 
connected to said service device by a communication network (Leung, col 4, lines 33-45, 
"While authentication determines who an entity is, authorization determines what services a user 
is allowed to perform, or access. ... available at http://www.ietf.org/intemet-drafts/draft-grant- 
tacacs-02.txt, describes"). 

In regard to claim 23, Leung discloses: 

- issuing, from at least one management client deployed in an application device, 
security association management requests to create and manage, with a session key 
management protocol, security associations for use by one or more internet protocol security 
services comprising at least one of authentication services and encryption services provided by 
an internet protocol security service unit external to said application device (Leung, col 7, lines 
62-68, "A suitable algorithm for clearing security associations from the Home Agent's memory 
may be employed (e.g., a least recently used (LRU) algorithm). While this approach can reduce 
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traffic between server and Home Agent—and thereby eliminate attendant delay—it must also 
account for modifications of security associations (e.g., keys) on the server"); 

- communicating at least one of said issued security association management requests 
to a management server external to said application device, said management server 
configured to respond to said security association management requests in connection with 
said internet protocol security service unit (Leung, col 10, lines 18-24, "an architecture having a 
single processor that handles communications as well as routing computations, etc. would also 
be acceptable. Further, other types of interfaces and media could also be used with the router. 
Still further, in some cases, the invention can be implemented on network devices other than 
routers"). 

In regard to claim 24, Leung discloses: 

- providing one or more internet protocol security services comprising at least one of 
authentication services and encryption services from an internet protocol security service unit, 
said internet protocol security service unit being deployed in a service device (Leung, col 8, 
lines 17-26, "FIG. 8 is a process flow diagram illustrating the steps performed during 
authentication of a mobile node according to a second embodiment of the invention. As shown, 
process steps performed by the mobile node are illustrated along vertical line 802, steps 
performed by the Home Agent are illustrated along vertical line 804, and steps performed by the 
server are illustrated along vertical line 806. Again, the server is preferably an AAA server that 
can provide authorization and accounting services as well as authentication services"); 

- receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with said 
providing the one or more internet protocol security services, to said received security 
association management requests (Leung, col 7, lines 35-47, "At step 714, the server receives 
the packet identifying the mobile node (e.g., an authorization request packet) from the Home 

Agent appropriate format (e.g., a TACACS+ authorization reply packet) and includes the 

security association"). 



In regard to claim 25, Leung discloses: 
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- managing means for issuing security association management requests to create and 
manage, with a session key management protocol, security associations for use by one or more 
internet protocol security services comprising at least one of authentication services and 
encryption services provided by an internet protocol security service means external to said 
apparatus (Leung, col 7, lines 35-47, "At step 714, the server receives the packet identifying the 
mobile node (e.g., an authorization request packet) from the Home Agent. ... send the security 
association to the Home Agent for authentication of the mobile node (716). The server constructs 
a packet in the appropriate format (e.g., a TACACS+ authorization reply packet) and includes 
the security association"). 

- communicating means for communicating said issued security association 
management requests to a management server external to said apparatus, said management 
server configured to respond to said security association management requests in connection 
with said internet protocol security service means (Leung, col 10, lines 18-24, "an architecture 
having a single processor that handles communications as well as routing computations, etc. 
would also be acceptable. Further, other types of interfaces and media could also be used with 
the router. Still further, in some cases, the invention can be implemented on network devices 
other than routers"). 

In regard to claim 26, Leung discloses: 

internet protocol security service means for providing one or more internet protocol 
security services comprising at least one of authentication services and encryption services 
(Leung, col 6, lines 32-36, "the centralized server may provide authentication services and/or 
authorization services. While authentication determines who an entity is, authorization 
determines what services a user is allowed to perform, or access"); 

- receiving means for receiving security association management requests issued from 
at least one management client external to said apparatus and for responding, in connection 
with said internet protocol security service means, to said received security association 
management requests 9 Leung, col 7, lines 35-47, "At step 714, the server receives the packet 
identifying the mobile node (e.g., an authorization request packet) from the Home Agent. ... 
send the security association to the Home Agent for authentication of the mobile node (716). The 
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server constructs a packet in the appropriate format (e.g., a TACACS+ autiiorization reply 
packet) and includes the security association"). 

Claim Rejections - 35 USC § 103 
7. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
maimer in which the invention was made. 

Claim 1 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over U.S Patent No. 
6,760,444 to Leung et al. 

Regarding claim 7, Leung does not disclose the structure of the network connecting the 
Home Agents to the servers. 

Official notice is given that it is well-known in the art to implement computer 
connections using a local network. 

Therefore it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to implement Leung's invention using a local network. 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure (see form "PTO-892 Notice of Reference Cited"). 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Monjour Rahim whose telephone number is (571)270-3890. The examiner 
can normally be reached on 5:30 AM -3:30 PM (Mo-Th). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (in USA or CANADA) or 571-272-1000. 



/Monjour Rahim/ 
Patent Examiner 
Art Unit: 2434 
Date: 12/19/2008 

/Kambiz Zand/ 



Supervisory Patent Examiner, Art Unit 2434 



